The payment terminals, POS (Point of Sale) terminals that are located permanently in commercial premises are known. The POS terminal works in such a way, that the transfer of money from the purchaser's account to the shop operator's account is secured within an agreed system. Up till now, the payment over POS terminal was characterized as a payment, in which the payment's recipient has a POS terminal and the paying customer uses a corresponding card as a payment device. In the first phase, a check, verification of the card holder is run. This process should be highly secured and should be realized without unreasonable effort on the side of both the merchant and the paying customer. Subsequently, a process in which the paid amount is automatically credited to the shop operator's account is run. Originally, cards equipped only with a magnetic stripe were used for the run of payment-terminal application. However, with respect to the technical restrictions, the magnetic stripe with loaded data presented a security risk, since the magnetic stripe could be copied or changed with the use of simple technical devices. Reading of internal data from magnetic stripe is low-tech.
Therefore, an agreement on creation of EMV standard using microchip located on the payment card was made between the card issuers Europay International, MasterCard and VISA in the second half of the nineties. EMV (Europay MasterCard Visa) standard describes interaction between the payment card chip and POS terminal for the purpose of ensuring worldwide interoperability. The usage of microchip enables to protect data located on it in such a way that it is not possible to access them from the outside without a PIN. The usage of chip on the card also enables the Cardholder Verification to be realized even without online connection to the processor centre. While magnetic stripe represented a passive data carrier, the chip on the card is basically a small computer with its own computing capacity, with secured parts of the memory and with a data encryption unit. Despite the mentioned technical characteristics of the current POS terminals, it was discovered that in case of fraudulent adjustments and manipulations in the insides of the POS terminal or in case of inserting an intermediary link to the reading device, the data from the card and the PIN code can be disclosed. It usually happens without the knowledge of the owner of the shop with the POS terminal and even then usually in case of insufficient control by the attending personnel or by other fraudulent way.
However until now, there are not known such technical tools that would enable converting the mobile phone into that kind of payment terminal, which would be owned by the paying customer and which would have the security required by the individual participants of the entire business relationship (payment card issuer, processing centre, bank, merchant).
The solution under the CN101351819 patent indicates the possibility of using a mobile phone as a POS terminal; however it does not deal with specific organization of individual essential elements of the system. Many solutions, such as the ones under the patents CN101339685, CN101329801, US2008270246 (A1), SI22595 (A), US2008059375 describe the mobile phone's involvement in direct debit payments, notwithstanding there are no independent POS terminal elements directly in the phone. Or, as it is in the US20077241180 (A1) file, there are solutions in which a mobile phone and a static POS terminal interact.
There is a need for such a technical solution which will have the high security of EMV payment application and which will produce final payment cryptograms exactly in the form of EMV standards and all that even in case of internet payments or other payments realized outside the normal stores, e.g. in case of paying for download of programs that are stored at the mobile handset makers' websites. These kinds of solutions are either not known at the moment or they have security risks that reside in the fact there might come to be disclosed or misused the communication during the data transfer from the paying customer's payment card to the merchant's POS terminal or virtual POS terminal e.g. over internet or in case of NFC or GPRS communication. In case the original close contact between the POS terminal and the payment card in a normal store is lengthened to the communication over internet environment, then the security risks are increased.
The existing POS terminals are distinguished by a stable structure, which besides other things includes a communication channel connected to the payment processing centre, a printer, an encryption key, a card reader, which is mainly a reader of different format cards, and also a keyboard for PIN code entering. This kind of technical configuration requires certain space and it is relatively expensive. The currently known POS terminals are intended for stable sale locations in physical shops, where high costs of purchase, installation and operation of POS terminals are offset by reasonable turnovers of payments for purchases.
The solution according to the published patent WO2008063990 describes a system in which the POS terminal does not have a communication channel with the payment processing center and uses a mediated connection over the customer's mobile phone for it. This solution has lower security because the payment terminal application itself runs on a remote computer and the mobile phone is only a mediator of communication. Other published patents describe divided POS terminal in such a way in which directly on the payment location there is only its managing part that is connected to the remaining part located in some other part of the shop. The existing solutions and published patents do not offer simple instruction of how to create a cheap, non-complicated and eventually also portable POS payment terminal, which would create payment cryptograms according to the current standards, above all the EMV standards.
All solutions currently existing require relatively complicated installation and encompass many input and output devices, which increases their price. Until now, there are no such devices known that would be characterized by both simplicity, high security and that would be portable and usable even in small shops such as in newspaper kiosks or in mobile counters selling fast food.